hellokitty | 1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27 | Triage

Submit
Reports

Overview

overview

Static

static

1

1144d0448f...27.exe

windows10-2004-x64

Sharing

General

Target

1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27.exe
Size

188KB
Sample

250410-j89mgawvb1
MD5

db804c3f55c5d09dace40c76c99cab52
SHA1

e170f46854f3ccda006528b14ff09ecf5756cf5e
SHA256

1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27
SHA512

dc3775844855ce5a8436cdcde4a2f03bd0dac73ed5ac89ab94e2bdc5f1891ea347a6a89db7224e6522ac58ba61e0e9efba1695e23828eeb65853a336553e1a47
SSDEEP

3072:Z0bRbeSCuF7PXuwFyoJ+mKTrZYzXlEmS6ZCHOoSnEYXosMM:Z2FeSCulPXuwIoWT9YlhD4dM

Score

10^/10

hellokitty discovery ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27.exe

Resource

win10v2004-20250314-en

hellokitty discovery ransomware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27.exe
- Size
  
  188KB
- MD5
  
  db804c3f55c5d09dace40c76c99cab52
- SHA1
  
  e170f46854f3ccda006528b14ff09ecf5756cf5e
- SHA256
  
  1144d0448fefe26f5b9db7e7a7522c9a46eded3a603daa903052373cecc92b27
- SHA512
  
  dc3775844855ce5a8436cdcde4a2f03bd0dac73ed5ac89ab94e2bdc5f1891ea347a6a89db7224e6522ac58ba61e0e9efba1695e23828eeb65853a336553e1a47
- SSDEEP
  
  3072:Z0bRbeSCuF7PXuwFyoJ+mKTrZYzXlEmS6ZCHOoSnEYXosMM:Z2FeSCulPXuwIoWT9YlhD4dM
Score

10^/10

hellokitty discovery ransomware
- HelloKitty Ransomware
  Ransomware family which has been active since late 2020, and in early 2021 a variant compromised the CDProjektRed game studio.
  ransomware hellokitty
- Hellokitty family
  hellokitty
- Renames multiple (180) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hellokittydiscoveryransomware

© 2018-2025

Terms | Privacy